IRULE to search Certificate Subject and Set Username.

Question

Good Afternoon,
I'm trying to get an IRULE to use the Client SSL profile Request handshake to filter the cert and subject.  IRULE was crafted-reused from a few other DevCentral Post.
Here's where I'm at:
Error 4: error: ["unexpected end of arguments;expected argument spec:CERTIFICATE"][X509::subject]
when CLIENTSSL_CLIENTCERT {
  if {([SSL::cert 0] eq "") or (![X509::subject] contains "irene")} {

Reset the connection
    reject

} else {  
      set subject_all [X509::subject [SSL::cert 0]]
      log "Subject: $subject_all"
      binary scan [md5 $subject_all] H* user_hash
      log "$user_hash"
   }
}
What am I missing?
Cheers!

eey0re · Answer

X509::subject needs to be passed the certificate from which to extract the subject, and is missing from your first line.
Try:
if {([SSL::cert 0] eq "") or (![X509::subject [SSL::cert 0]] contains "irene")} {

Forum Discussion

IRULE to search Certificate Subject and Set Username.

1 Reply

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

X509 Subject Formatting

Re: Management Certificate

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

My Security+ Certification Journey